README
npm-historian
npm-historian is a Node.js package (and CLI) for resolving npm dependencies to exact versions at a specific point in time.
Given a package name and version (range) string,
npm-historian finds the exact version that was/would be/have been installed,
were you to have run npm install on the specified date (+ time for increased specificity).
This exists because I was cavalier in my youth,
heedless of "semantic" versioning and other best practices regarding versioning,
and then, one day, impetuously deleted all my node_modules/ directories.
Installation
Install from npm:
npm install --global npm-historian
Examples
Which
babelwere you on back in the middle of 2015?npm-historian --timestamp 2015-07-01 babelbabel@* resolved to "5.6.14" at 2015-07-01
Okay, but what's the latest compatible (pray to the semver gods) version now?
npm-historian babel@^5.6.14babel@^5.6.14 resolved to "5.8.38" at 2018-02-09T23:49:03.983Z
If no compatible version exists,
npm-historianreturnsnull:npm-historian --timestamp 2018-02-09 typescript@~3typescript@~3 resolved to "null" at 2018-02-09
marked, on the day snyk.io reported its XSS vulnerability:npm-historian --timestamp 2016-05-16 markedmarked@* resolved to "0.3.5" at 2016-05-16
left-pad, that contentious package/module/function, on the day Azer Koçulu unpublished it:npm-historian --timestamp 2016-03-22 left-padleft-pad@* resolved to "0.0.4" at 2016-03-22
(Which isn't quite right, but there was some weird rewriting of history going on that day in that package.)
But suppose you had used
npm install --save left-padto install it:npm-historian --timestamp 2016-03-22 left-pad@^0.0.3left-pad@^0.0.3 resolved to "null" at 2016-03-22
Tough luck :(
You can also resolve an entire
package.jsonand all its (dev|peer|bundled|optional)dependencies:npm-historian --timestamp 2016-09-08 package.json(the entire package.json, with all versions pinned down as of 2016-09-08)
License
Copyright 2018 Christopher Brown. MIT Licensed.